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The Claims 

1-2. (Canceled) 

3. (Previously presented) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
generating a seed value; 

producing a hash seed value based on the seed value using a one-way hash 
function; 

generating an application storage key from the hash seed value; 
encrypting the information using the application storage key; and 
associating the access predicate with the encrypted information. 

4. (Previously presented) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
generating a seed value; 

producing a first hash seed value based on the seed value using a one-way 
hash function, 

producing a second hash seed value based on the seed value and a user 
identifier using a keyed hash function; 

generating a user storage key from the second hash seed value; 
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encrypting the information using the user storage key, and 
associating the access predicate with the encrypted information. 

5. (Canceled) 

6. (Previously presented) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
obtaining a storage key; 

encrypting the information using the storage key; 

associating the access predicate with the encrypted information; 

obtaining an operating system storage key; 

encrypting the access predicate with the operating system storage key; and 
encrypting a plurality of other storage keys using the operating system 

storage key, wherein the other storage keys are selected from the group consisting 

of application storage keys and user storage keys. 

7. (Previously presented) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
obtaining a storage key; 

encrypting the information using the storage key; 

associating the access predicate with the encrypted information; 
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generating a seed value; 

2 generating an operating system storage key based on the seed value; and 

3 encrypting the access predicate with the operating system storage key. 



4 



2 



5 8. (Previously presented) A computerized method for key-based 

6 secure storage comprising: 

7 downloading information and an access predicate that specifies 
requirements for an application to access the information; 

9 generating a seed value for the application; 

10 producing an application hash seed value based on the seed value for the 

11 application using an application-specific one-way hash function; 

12 generating an application storage key from the application hash seed value; 

13 generating a seed value for a user; 

14 producing a first user hash seed value based on the seed value for the user 

1 5 using a one-way hash function; 

16 producing a second user hash seed value based on the first user hash seed 

17 value and a user identifier using a keyed hash function; 

18 generating a user storage key from the second user hash seed value, the 

19 application storage key and the user storage key to encrypt information containing 

20 a portion specific to an application and a portion specific to the user; 

21 encrypting the information using the application storage key and the user 

22 storage key; and 

23 associating the access predicate with the encrypted information. 



24 
25 
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9. (Previously presented) A computerized method for key-based 
secure storage comprising; 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 
obtaining a storage key; 

encrypting the information using the storage key; 
associating the access predicate with the encrypted information; 
storing the storage key in a key vault provided by a third-party; and 
recovering the storage key from the key vault. 

10, (Original) The computerized method of claim 9, wherein 
recovering the storage key comprises: 

requesting recovery of the storage key; and 

providing information to the third-party to enable validation of the request. 

11. (Previously presented) The computerized method of claim 9, 
further comprising: 

selecting the key vault from a plurality of key vaults provided by a trusted 
operating system. 

12, (Previously presented) The computerized method of claim 9, 
further comprising: 

selecting the key vault designated by a provider of the information. 

13-14. (Canceled) 
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15. (Previously presented) A computer system comprising: 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; 

a generate key function executed from the computer-readable medium by 
the processing unit, wherein the generate key function causes the processing unit 
to generate an operating system storage key based on an identity for the operating 
system and based on a seed. 

1 6. (Previously presented) A computer system comprising; 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; 

a generate key function executed from the computer-readable medium by 
the processing unit, wherein the generate key function causes the processing unit 
to generate an operating system storage key based on an identity for the operating 
system; 

an application specific one-way hash function executed from the 
computer-readable medium by the processing unit, wherein the application 
specific one-way hash function causes the processing unit to generate an 
application storage key from a hashed seed; and 
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1 a generate application key function executed from the computer-readable 

2 medium by the processing unit, wherein the generate application key function 

3 causes the processing unit to generate the hashed seed from an application seed. 

4 

5 1 7. (Previously presented) A computer system comprising: 

6 a processing unit; 

7 a system memory coupled to the processing unit through a system bus; 

8 a computer-readable medium coupled to the processing unit through a 

9 system bus; 

10 a generate key function executed from the computer-readable medium by 
u the processing unit, wherein the generate key function causes the processing unit 

1 2 to generate an operating system storage key based on an identity for the operating 

13 system; 

t4 a key-hash function executed from the computer-readable medium by the 

is processing unit, wherein the key-hash function causes the processing unit to 

16 generate a user storage key from a hashed seed and an identity for the user; 

l? a one-way hash function executed from the computer-readable medium by 

is the processing unit, wherein the one-way hash function causes the processing unit 

19 to generate the hashed seed from a previously hashed seed; and 

20 a generate user key function executed from the computer-readable medium 
i\ by the processing unit, wherein the generate user key function causes the 
22 processing unit to generate the previously hashed seed from a user seed. 

23 

24 18. (Canceled) 

25 
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1 9. (Previously presented) A computer system comprising: 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; and 

a trusted operating system executed from the computer-readable medium by 
the processing unit, wherein the trusted operating system causes the processing 
unit to: 

encrypt downloaded information using a storage key based on a seed 

value, 

encrypt an access predicate associated with the downloaded 
information using an operating system storage key, 

encrypt the seed value for the storage key using the operating system 
storage key, and 

associate the encrypted access predicate with the encrypted seed 

value. 

20. (Previously presented) The computer system of claim 19, 
wherein the trusted operating system further causes the processing unit to validate 
each application requesting access to the downloaded information using the access 
predicate, and decrypts the seed value for use by a validated application* 

21. (Previously presented) The computer system of claim 19, 
wherein the storage key used to encrypt the downloaded information is specific to 
an application. 
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22. (Previously presented) A computer system comprising; 
a processing unit; 

a system memory coupled to the processing unit through a system bus; 
a computer-readable medium coupled to the processing unit through a 
system bus; and 

a trusted operating system executed from the computer-readable medium by 
the processing unit* wherein the trusted operating system causes the processing 
unit to encrypt downloaded information using a storage key based on a seed value, 
and wherein the storage key used to encrypt the downloaded information is 
specific to a user. 

23-24. (Canceled) 

25. (Previously presented) A computerized method for key-based 
secure storage comprising: 

downloading information and an access predicate that specifies 
requirements for an application to access the information; 

obtaining a storage key; 

encrypting the information using the storage key; 
associating the access predicate with the encrypted information; 
storing the storage key in a key vault provided by a third-party; 
recovering the storage key from the key vault; and 

selecting the key vault from a plurality of key vaults provided by an 
authenticated operating system. 
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1 

2 26. (Canceled) 

3 

4 27. (Previously presented) A computer system comprising: 

5 a processing unit; 

6 a system memory coupled to the processing unit through a system bus; 

7 a computer-readable medium coupled to the processing unit through a 
s system bus; and 

9 an authenticated operating system configured to execute on the processing 

10 unit from the computer-readable medium, the authenticated operating system 

1 1 causing the processing unit to encrypt downloaded information using a storage key 

12 based on a seed value; 

13 wherein the authenticated operating system further causes the processing 

14 unit to encrypt an access predicate associated with the downloaded information 
is using an operating system storage key, to encrypt the seed value for the storage 

16 key using the operating system storage key, and to associate the encrypted access 

17 predicate with the encrypted seed value, 
is 

19 28. (Previously presented) The computer system of claim 27, wherein 

20 the authenticated operating system further causes the processing unit to validate 

21 each application requesting access to the downloaded information using the access 

22 predicate, and decrypts the seed value for use by a validated application. 

23 
24 
25 
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29. (Previously presented) The computer system of claim 27, wherein 
the storage key used to encrypt the downloaded information is specific to an 
application. 



3 
4 

5 I 30. (Previously presented) The computer system of claim 27, wherein 

6 the storage key used to encrypt the downloaded information is specific to a user. 
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